Abstract
Security is a major concern for everyone involved in e-commerce, particularly for online transactions made with debit or credit cards. Following the failure of Secure Electronic Transaction (SET), 3-D Secure is an emerging industry standard for online transaction security. Although 3-D Secure is a well-designed protocol, it is still prone to some security problems and to an excessive number of messages, which could reduce transaction speed. This paper uses a new cryptographic technique based on password-only authentication and key exchange to present a new vision for 3-D Secure. The new vision addresses the security problems and reduces the number of messages in 3-D Secure. Moreover, the new vision can be developed to match SSL/TLS in simplicity while at the same time eliminating the security glitches of SSL/TLS. This simplicity and security are the factors an online transaction protocol needs in order to become the future standard.
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Assora, M., Shirvani, A. (2006). Enhancing the Security and Efficiency of 3-D Secure. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds) Information Security. ISC 2006. Lecture Notes in Computer Science, vol 4176. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11836810_35
DOI: https://doi.org/10.1007/11836810_35
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-38341-3
Online ISBN: 978-3-540-38343-7
eBook Packages: Computer Science (R0)